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Amendments to the Claims 

The listing of claims will replace all prior versions, and listings of claims in 
the application. 

1 . (withdrawn) A method of mirroring security processors comprising the 
steps of: 

generating information for a first security processor; 
repeatedly sending the information to a second security processor in 
accordance with the first security processor processing at least one packet. 

2. (withdrawn) The method of claim 1 wherein the sending step 
comprises sending the information from the first security processor to the second 
processor. 

3. (withdrawn) The method of claim 1 wherein the generating step 
comprises generating the information in the first security processor. 

4. (withdrawn) The method of claim 1 further comprising the step of 
generating at least one packet including the information, wherein the sending step 
comprises sending the at least one packet over a packet network. 

5. (withdrawn) The method of claim 1 wherein the sending step further 
comprises sending the information over a dedicated link between the first security 
processor and the second security processor. 

6. (withdrawn) The method of claim 5 wherein the dedicated link 
comprises an Ethernet link. 
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7. (withdrawn) The method of claim 1 wherein the sending step 
comprises repeatedly sending the information on a per-packet basis. 

8. (withdrawn) The method of claim 1 wherein the sending step 
comprises repeatedly sending the information at intervals according to at least one 
sequence number. 

9. (withdrawn) A method of mirroring security processors comprising the 
steps of: 

generating security association information for a first security 
processor; and 

repeatedly sending the security association information to a second 
security processor in accordance with the first security processor processing at 
least one packet. 

10. (withdrawn) The method of claim 9 wherein the information comprises 
at least one security association sequence number. 

1 1 . (withdrawn) The method of claim 9 wherein the information comprises 
at least one security association byte count. 

12. (withdrawn) The method of claim 9 wherein the sending step further 
comprises repeatedly sending the security association information on a per-packet 
basis. 
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13. (withdrawn) The method of claim 9 wherein the sending step further 
comprises repeatedly sending the security association information at intervals 
according to at least one sequence number. 

14. (withdrawn) The method of claim 9 further comprising the step of 
generating at least one packet including the security association information, wherein 
the sending step comprises sending the at least one packet. 

15. (withdrawn) The method of claim 9 further comprising the step of 
generating at least one packet including the security association information, wherein 
the sending step comprises sending the at least one packet over a packet network. 

16. (withdrawn) The method of claim 9 wherein the sending step further 
comprises sending the information over a dedicated link between the first security 
processor and the second security processor. 

17. (withdrawn) The method of claim 16 wherein the dedicated link 
comprises an Ethernet link. 

18. (currently amended) A method of providing redundancy in a security 
processing system comprising the steps of: 

establishing a first secure packet flow through a first mirror e d security 

processor; 

updating security association information associated with the first 
secure packet flow; 
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establishing a second secure packet flow through a second mirror e d 
security processor; 

updating security association information associated with the second 
secure packet flow; 

sending the updated security association information associated with 
the first secure packet flow from the first mirrored security processor to the second 
security mirror e d processor in a first update packet having a custom routing header 
configur e d to allow routing of tho first update packet through mirrored s e curity 
proc e ssors, wher e in first update pack e t is sent when a sequence number in the security 
association information associated with the first secure packet flow reaches a first 
predefined value at a first pr e d e fined interval ; 

sending the updated security association information associated with 
the second secure packet flow for from t he second mirror e d security processor to the 
first mirrored security processor in a second update packet having a custom routing 
h e ad e r configur e d to allow routing of th e second updat e pack e t through mirrored 
security proc e ssors, wh e rein se cond update packet is sent when a sequence number in 
the security association information associated with the second secure packet flow 
reaches a second predefined value at a second pred e fined int e rval ; and 

storing the updated security association information associated with the 
first secure packet flow and the updated security association information associated 
with the second secure packet flow in the first mirror e d security processor and in the 
second mirrored security processor. 
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19. (currently amended) The method of claim 45 wherein the rerouting 
step is in response to a failure of packet flow through the first mirrored security 
processor. 

20. (canceled) 

2 1 . (currently amended) The method of claim 1 8 wherein the th e custom 
routing head e r comprise s a at least one s e quenc e number, wh e r e in the sequence 
number in the security association information associated with the first secure packet 
flow is incremented when an update apacket in the first secure packet flow is 
received from or transmitted to a network. 

22. (currently amended) The method of claim 18 wherein the security 
association information associated with the first secure packet flow the custom 
routing head e r comprises a at least one byte count. 

23-24. (canceled) 

25. (currently amended) The method of claim 18 further comprising the step 
of generating at least one configuration packet including the security association 
information associated with the first secure packet flow , wherein sending the updated 
security association information from the first mirrored security processor to the 
second mirrored security processor comprises sending the at least one configuration 
packet. 
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26. (currently amended) The method of claim 18 further comprising the step 
of sending, by a host processor, configuration information to the first mirrored 
security processor and the second mirror e d security processor. 

27. (currently amended) The method of claim 18 further comprising the step 
of sending, by a host processor, security association configuration information to the 
first mirrored security processor and the second mirrored security processor. 

28. (canceled) 

29. (currently amended) The method of claim 18 further comprising the steps 

of: 

defining a quantity to adjust [[a]] the sequence number in the security 
association information associated with the first secure packet flow ; 

defining an interval at which to update the security association 
information associated with the first secure packet flow ; and 

determining whether to send the security association information 
associated with the first secure packet flow to the second mirrored security processor 
according to a comparison of [[a]] the sequence number with the interval. 

30. (currently amended) The method of claim 29 further comprising adding 
the quantity to the sequence number before sending the security association 
information associated with the first secure packet flow to the second mirrored 
security processor. 

31-33. (canceled) 
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34. (currently amended) The method of claim 18 further comprising the 
step of sending replay window information to the second mirrored security processor. 

35. (withdrawn) A security processing system, comprising: 

a first security processor for processing packets and for updating 
security association information associated with the packets, the first security 
processor comprising at least one MAC for sending updated security association 
information over a packet network; and 

a second security processor for receiving the updated security 
association information over the packet network. 

36. (withdrawn) The security processing system of claim 35 further 
comprising at least one host processor connected to the first security processor and the 
second security processor for terminating or initiating the packets. 

37. (withdrawn) The security processing system of claim 36 wherein the at 
least one host processor changes the routing of packet flow by either routing the 
packets to the second security processor instead of the first security processor. 

38. (currently amended) A security processing system, comprising: 

a first mirror e d security processor configured to process a first packet 
flow, update security association information in response to the first packet flow, and 
send the updated security association information associated with the first packet 
flow in a first update packet when a sequence number in the security association 
information associated with the first packet flow reaches a first predefined value 
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having a custom routing h e ader configured to allow routing of the first update pack e t 

through mirror e d security processors ; and 

a second mirrored security processor configured to process a second 
packet flow, update security association information in response to the second packet 
flow, and send the updated security association information associated with the 
second packet flow in a second update packet when a sequence number in the security 
association information associated with the second packet flow reaches a second 
predefined value having a custom routing header configured to allow routing of th e 
s e cond update packet through mirrored security proc e ssors , 

wherein the first mirror e d security processor is further configured to 
send the updated security association information in response to the first packet flow 
to the second mirror e d security processor at a first predefined interval and the second 
mirror e d security processor is further configured to send the updated security 
association information in response to the second packet flow to the first mirrored 
security processor. 

39. (currently amended) The security processing system of claim 46 
further comprising wherein the at least one host processor is_connected to the at least 
one switch for terminating or initiating the first packet flow and the second packet 
flow. 

40. (currently amended) The security processing system of claim 39 
wherein the at least one host processor changes the routing of packet flow by either 
routing the first packet flow to the second mirrored security processor instead of the 
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first mirrored security processor or routing the second packet flow to the first 

mirror e d security processor instead of the second mirror e d security processor. 

41 . (currently amended) The security processing system of claim 40 
wherein the change in the routing is in response to a failure of the first packet flow 
through the first mirror e d security processor or the second packet flow through the 
second mirrored security processor. 

42. (canceled) 

43. (currently amended) The security processing system of claim 46 [[47]] 
wherein the at least one host processor routes the first packet flow to the second 
security mirrored processor instead of the first security processor. 

44. (currently amended) The security processing system of claim 43 IT4811 
wherein the at least one host processor routes the second packet flow to the first 
mirrored security processor instead of the second mirrored security processor. 

45. (currently amended) The method of claim 18, further comprising: 
rerouting the first secure packet flow to flow through the second 

mirrored security processor instead of the first mirror e d security processor 

46. (currently amended) The security processing system of claim 38, 
further comprising: 

at least one host processor for establishing [[a]]] first packet flow to the 
first mirrored security processor and [[a]] the second packet flow to the second 
mirrored security processor [[;]] . 



